So what I've done instead is to:
- save an .msc file of the AD users and computers MMC snap in.
- Create a user group called Account Managers and add these staff to it. I've granted this group Read Access to the .msc file, and provided them with the file path to it.
- Give the Account Managers the neccesary permissions - Read, Write and Modify - to the OU's in which our user accounts (not our System Accounts - they're somewhere else)
- Delegated control of user accounts by right-clicking on the root domain in AD Users and Computers and - well, just walking through the wizard.
- Remove our users from the Admin groups